Apple, Google, and Microsoft have joined forces to end our reliance on passwords by adopting a passwordless sign-in standard that will help improve the security and user-friendliness of internet applications.
The sign-in protocols are called FIDO and work by creating cryptographic key pairs when you register for online services.
A private key is stored locally on your device and can only be accessed when you unlock it – whether that be through a fingerprint reader, a PIN, a face scan, or another method.
When you next want to login to that service you simply open your phone. No more passwords.
FIDO is billed as a major shift in internet security by shifting the attack surface away from strings of characters that can be guessed, copied, or stolen through phishing and toward physical devices.
With some of the biggest operating system and device manufacturers now expanding their support of FIDO, the hope is that this will signal the beginning of the end for passwords.
Alex Simons, Corporate Vice President of Identity Program Management at Microsoft, said any passwordless world must be easily integrated into people’s lives.
“Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” he said.
“By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords.”
The FIDO login process authenticates you with your device. Image: supplied
FIDO has been around for years as but had limited consumer adoption because it lacked account recovery options for non-enterprise environments where credentials aren’t managed.
This changed in March when the FIDO Alliance made it simpler for vendors to implement multi-device credentials, allowing users to store their passkeys on various devices as a redundancy and to easily migrate passkeys when upgrading hardware.
Google has been part of the FIDO alliance since 2013 and integrated the standards with its physical security key products.
Mark Risher, Senior Director of Product Management at Google, said the expansion of FIDO will help consumers keep accounts safe in an easier way.
“We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords,” he said.
Companies are expected to roll out their FIDO authentication products over the next year.